Artificial intelligence governance, management and risk management - A look into EU AIA, standards and other frameworks from practical level

Artificial intelligence governance, management and risk management - A look into EU AIA, standards and other frameworks from practical level

This thesis explores the governance of artificial intelligence (AI) through various frameworks, emphasizing the necessity of comprehensive management beyond technical solutions in order to achieve effective and secure AI in a complex socio-technical world. The research posits that AI risks cannot be...

Täydet tiedot

Bibliografiset tiedot
Päätekijä: Reivo, Juho
Muut tekijät: Faculty of Information Technology, Informaatioteknologian tiedekunta, University of Jyväskylä, Jyväskylän yliopisto
Aineistotyyppi: Pro gradu
Kieli:fin
Julkaistu: 2024
Aiheet:
Specialisation in Comprehensive Security and Strategic Intelligence
Kokonaisturvallisuuden ja strategisen tiedustelun opintosuunta
Linkit: https://jyx.jyu.fi/handle/123456789/98076
_version_ 1826225731024191488
author Reivo, Juho
author2 Faculty of Information Technology Informaatioteknologian tiedekunta University of Jyväskylä Jyväskylän yliopisto
author_facet Reivo, Juho Faculty of Information Technology Informaatioteknologian tiedekunta University of Jyväskylä Jyväskylän yliopisto Reivo, Juho Faculty of Information Technology Informaatioteknologian tiedekunta University of Jyväskylä Jyväskylän yliopisto
author_sort Reivo, Juho
datasource_str_mv jyx
description This thesis explores the governance of artificial intelligence (AI) through various frameworks, emphasizing the necessity of comprehensive management beyond technical solutions in order to achieve effective and secure AI in a complex socio-technical world. The research posits that AI risks cannot be mitigated solely through technical means or managed through a singular strategy at a single level. The central hypothesis is that small organizations struggle to meet the demands of prominent AI frameworks, which often overlook the unique situation of these entities and particularly the challenges faced by small public sector organizations. The study highlights how practical level issues within these frameworks may threaten AI adoption. This research examines three key frameworks: the European Union Artificial Intelligence Act (EU AIA), ISO/IEC 42001:2023, and the National Institute of Standards and Technology AI Risk Management Framework (NIST RMF). The primary research question investigates practical risk management issues related to AI governance and human roles within these frameworks. Findings suggest that these frameworks are extensive and challenging for small organizations, particularly in the public sector, which often have limited IT and security resources. The study underscores the importance of selecting and calibrating governance frameworks appropriately, as inadequate frameworks render digital security efforts ineffective. Closer examination is also done in order to clarify structures of frameworks for effective governance and management of AI systems, risks and digital security aspects. Tässä lopputyössä tarkastellaan tekoälyn hallintaa eri viitekehysten avulla ja korostetaan, että teknisiä ratkaisuja laajemman kokonaisvaltaisen hallinnan tarve on tarpeen, jotta tekoäly olisi tehokas ja turvallinen monimutkaisessa sosioteknisessä maailmassa. Tutkimuksessa esitetään, että tekoälyyn liittyviä riskejä ei voida lieventää pelkästään teknisin keinoin eikä niitä voida hallita yksittäisellä strategialla yksittäisellä tasolla. Keskeinen hypoteesi on, että pienillä organisaatioilla on vaikeuksia vastata tunnettujen tekoälykehysten vaatimuksiin, joissa usein jätetään huomiotta näiden toimijoiden erityinen tilanne ja erityisesti julkisen sektorin pienten organisaatioiden kohtaamat haasteet. Tutkimuksessa tuodaan esiin, miten käytännön tason toteutus näissä kehyksissä voivat uhata tekoälyn käyttöönottoa. Tutkimuksessa tarkastellaan kolmea keskeistä kehystä: Euroopan unionin tekoälylaki eli Artificial Intelligence Act (EU AIA), ISO/IEC 42001:2023 ja National Institute of Standards and Technology AI Risk Management Framework (NIST RMF). Ensisijainen tutkimuskysymys tarkastelee käytännön riskinhallinnan kysymyksiä, jotka liittyvät tekoälyn hallintoon ja ihmisten osuuksiin näissä kehyksissä. Tulokset viittaavat siihen, että nämä kehykset ovat laajoja ja haastavia pienille organisaatioille, erityisesti julkisella sektorilla, joilla on usein rajalliset tietojärjestelmähallinto- ja turvallisuusresurssit. Tutkimuksessa korostetaan, että on tärkeää valita ja kalibroida hallintakehykset asianmukaisesti, sillä soveltumattomat kehykset tekevät digitaalisen turvallisuuden ponnisteluista tehottomia. Tarkempaa tarkastelua tehdään myös tekoälyjärjestelmien, riskien ja digitaalisen turvallisuuden näkökohtien tehokasta hallinnointia ja hallintaa koskevien kehysten rakenteiden selventämiseksi.
first_indexed 2024-11-05T21:00:23Z
format Pro gradu
free_online_boolean 1
fullrecord [{"key": "dc.contributor.advisor", "value": "Lehto, Martti", "language": null, "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Reivo, Juho", "language": null, "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2024-11-04T13:03:35Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2024-11-04T13:03:35Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2024", "language": null, "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/98076", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "This thesis explores the governance of artificial intelligence (AI) through various frameworks, emphasizing the necessity of comprehensive management beyond technical solutions in order to achieve effective and secure AI in a complex socio-technical world. The research posits that AI risks cannot be mitigated solely through technical means or managed through a singular strategy at a single level. \n\tThe central hypothesis is that small organizations struggle to meet the demands of prominent AI frameworks, which often overlook the unique situation of these entities and particularly the challenges faced by small public sector organizations. The study highlights how practical level issues within these frameworks may threaten AI adoption. This research examines three key frameworks: the European Union Artificial Intelligence Act (EU AIA), ISO/IEC 42001:2023, and the National Institute of Standards and Technology AI Risk Management Framework (NIST RMF). The primary research question investigates practical risk management issues related to AI governance and human roles within these frameworks. \n\tFindings suggest that these frameworks are extensive and challenging for small organizations, particularly in the public sector, which often have limited IT and security resources. The study underscores the importance of selecting and calibrating governance frameworks appropriately, as inadequate frameworks render digital security efforts ineffective. Closer examination is also done in order to clarify structures of frameworks for effective governance and management of AI systems, risks and digital security aspects.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "T\u00e4ss\u00e4 lopputy\u00f6ss\u00e4 tarkastellaan teko\u00e4lyn hallintaa eri viitekehysten avulla ja korostetaan, ett\u00e4 teknisi\u00e4 ratkaisuja laajemman kokonaisvaltaisen hallinnan tarve on tarpeen, jotta teko\u00e4ly olisi tehokas ja turvallinen monimutkaisessa sosioteknisess\u00e4 maailmassa. Tutkimuksessa esitet\u00e4\u00e4n, ett\u00e4 teko\u00e4lyyn liittyvi\u00e4 riskej\u00e4 ei voida lievent\u00e4\u00e4 pelk\u00e4st\u00e4\u00e4n teknisin keinoin eik\u00e4 niit\u00e4 voida hallita yksitt\u00e4isell\u00e4 strategialla yksitt\u00e4isell\u00e4 tasolla. \n\tKeskeinen hypoteesi on, ett\u00e4 pienill\u00e4 organisaatioilla on vaikeuksia vastata tunnettujen teko\u00e4lykehysten vaatimuksiin, joissa usein j\u00e4tet\u00e4\u00e4n huomiotta n\u00e4iden toimijoiden erityinen tilanne ja erityisesti julkisen sektorin pienten organisaatioiden kohtaamat haasteet. Tutkimuksessa tuodaan esiin, miten k\u00e4yt\u00e4nn\u00f6n tason toteutus n\u00e4iss\u00e4 kehyksiss\u00e4 voivat uhata teko\u00e4lyn k\u00e4ytt\u00f6\u00f6nottoa. Tutkimuksessa tarkastellaan kolmea keskeist\u00e4 kehyst\u00e4: Euroopan unionin teko\u00e4lylaki eli Artificial Intelligence Act (EU AIA), ISO/IEC 42001:2023 ja National Institute of Standards and Technology AI Risk Management Framework (NIST RMF). Ensisijainen tutkimuskysymys tarkastelee k\u00e4yt\u00e4nn\u00f6n riskinhallinnan kysymyksi\u00e4, jotka liittyv\u00e4t teko\u00e4lyn hallintoon ja ihmisten osuuksiin n\u00e4iss\u00e4 kehyksiss\u00e4. \n\tTulokset viittaavat siihen, ett\u00e4 n\u00e4m\u00e4 kehykset ovat laajoja ja haastavia pienille organisaatioille, erityisesti julkisella sektorilla, joilla on usein rajalliset tietoj\u00e4rjestelm\u00e4hallinto- ja turvallisuusresurssit. Tutkimuksessa korostetaan, ett\u00e4 on t\u00e4rke\u00e4\u00e4 valita ja kalibroida hallintakehykset asianmukaisesti, sill\u00e4 soveltumattomat kehykset tekev\u00e4t digitaalisen turvallisuuden ponnisteluista tehottomia. Tarkempaa tarkastelua tehd\u00e4\u00e4n my\u00f6s teko\u00e4lyj\u00e4rjestelmien, riskien ja digitaalisen turvallisuuden n\u00e4k\u00f6kohtien tehokasta hallinnointia ja hallintaa koskevien kehysten rakenteiden selvent\u00e4miseksi.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by jyx lomake-julkaisija (jyx-julkaisija.group@korppi.jyu.fi) on 2024-11-04T13:03:34Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2024-11-04T13:03:35Z (GMT). No. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "89", "language": null, "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "eng", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "CC BY-NC-ND 4.0", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.title", "value": "Artificial intelligence governance, management and risk management - A look into EU AIA, standards and other frameworks from practical level", "language": null, "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202411046923", "language": null, "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Specialisation in Comprehensive Security and Strategic Intelligence", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kokonaisturvallisuuden ja strategisen tiedustelun opintosuunta", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.copyright", "value": "\u00a9 The Author(s)", "language": null, "element": "rights", "qualifier": "copyright", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://creativecommons.org/licenses/by-nc-nd/4.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}]
id jyx.123456789_98076
language fin
last_indexed 2025-02-18T10:55:20Z
main_date 2024-01-01T00:00:00Z
main_date_str 2024
online_boolean 1
online_urls_str_mv {"url":"https:\/\/jyx.jyu.fi\/bitstreams\/b1bd0ec8-d76d-485d-9db6-727b42de4569\/download","text":"URN:NBN:fi:jyu-202411046923.pdf","source":"jyx","mediaType":"application\/pdf"}
publishDate 2024
record_format qdc
source_str_mv jyx
spellingShingle Reivo, Juho Artificial intelligence governance, management and risk management - A look into EU AIA, standards and other frameworks from practical level Specialisation in Comprehensive Security and Strategic Intelligence Kokonaisturvallisuuden ja strategisen tiedustelun opintosuunta
title Artificial intelligence governance, management and risk management - A look into EU AIA, standards and other frameworks from practical level
title_full Artificial intelligence governance, management and risk management - A look into EU AIA, standards and other frameworks from practical level
title_fullStr Artificial intelligence governance, management and risk management - A look into EU AIA, standards and other frameworks from practical level Artificial intelligence governance, management and risk management - A look into EU AIA, standards and other frameworks from practical level
title_full_unstemmed Artificial intelligence governance, management and risk management - A look into EU AIA, standards and other frameworks from practical level Artificial intelligence governance, management and risk management - A look into EU AIA, standards and other frameworks from practical level
title_short Artificial intelligence governance, management and risk management - A look into EU AIA, standards and other frameworks from practical level
title_sort artificial intelligence governance management and risk management a look into eu aia standards and other frameworks from practical level
title_txtP Artificial intelligence governance, management and risk management - A look into EU AIA, standards and other frameworks from practical level
topic Specialisation in Comprehensive Security and Strategic Intelligence Kokonaisturvallisuuden ja strategisen tiedustelun opintosuunta
topic_facet Kokonaisturvallisuuden ja strategisen tiedustelun opintosuunta Specialisation in Comprehensive Security and Strategic Intelligence
url https://jyx.jyu.fi/handle/123456789/98076 http://www.urn.fi/URN:NBN:fi:jyu-202411046923
work_keys_str_mv AT reivojuho artificialintelligencegovernancemanagementandriskmanagementalookintoeuaiastandardsando

Samankaltaisia teoksia